EP-2362 - Okta #1051
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
push: | |
branches: [staging, master] | |
pull_request: | |
branches: [staging, master] | |
workflow_dispatch: | |
# Allows manual build and deploy of any branch/ref | |
inputs: | |
auto-deploy: | |
type: boolean | |
description: Deploy image after building? | |
required: true | |
default: 'false' | |
permissions: | |
id-token: write | |
contents: write | |
jobs: | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: 16.10.0 | |
- name: Install Dependencies | |
run: yarn install --immutable --immutable-cache | |
- name: Lint Check | |
run: yarn lint | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
# Help Codecov detect commit SHA | |
fetch-depth: 2 | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: 16.10.0 | |
- name: Install Dependencies | |
run: yarn install --immutable --immutable-cache | |
- name: Run Tests | |
run: yarn test | |
- name: Upload Codecov Reports | |
uses: codecov/codecov-action@v2 | |
deploy: | |
runs-on: ubuntu-latest | |
environment: | |
name: ${{ (github.ref == 'refs/heads/master' && 'production') || 'staging' }} | |
needs: [lint, test] | |
if: (github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/staging')) || (github.event_name == 'workflow_dispatch' && github.event.inputs.auto-deploy == 'true') | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v2 | |
with: | |
node-version: 16.10.0 | |
- name: Install Dependencies | |
run: yarn install --immutable --immutable-cache | |
- name: Build App | |
env: | |
S3_GIVE_DOMAIN: //${{ secrets.GIVE_WEB_HOSTNAME }} | |
ROLLBAR_ACCESS_TOKEN: ${{ secrets.ROLLBAR_ACCESS_TOKEN }} | |
DATADOG_RUM_CLIENT_TOKEN: ${{ secrets.DATADOG_RUM_CLIENT_TOKEN }} | |
run: yarn run build | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@036a4a1ddf2c0e7a782dca6e083c6c53e5d90321 | |
with: | |
aws-region: us-east-1 | |
role-to-assume: ${{ secrets.AWS_GITHUB_ACTIONS_ROLE }} | |
# Deploying to S3 with the --delete flag can be problematic if a cached file references a deleted file | |
# Solution: deploy once without deleting old files, invalidate the Cloudfront cache, then deploy a second time with the flag to delete previous files | |
- name: Deploy to S3 | |
run: aws s3 sync dist s3://${{ secrets.AWS_WEB_STATIC_BUCKET_NAME }} --region us-east-1 --acl public-read --cache-control 'public, max-age=300' | |
- name: AWS Cloudfront | |
run: aws cloudfront create-invalidation --distribution-id ${{ secrets.AWS_CLOUDFRONT_DISTRIBUTION_ID }} --paths "/*" | |
- name: Deploy to S3 and Delete Previous Files | |
run: aws s3 sync dist s3://${{ secrets.AWS_WEB_STATIC_BUCKET_NAME }} --region us-east-1 --acl public-read --cache-control 'public, max-age=300' --delete |